A string of recent cyber attacks on public entities has a state agency homing in on what it sees as its biggest cyber security weakness: click-happy employees.
The Georgia Public Service Commission sent its own employees fake phishing emails as a way to pinpoint its less discerning staffers.
The first test email, disguised as an Amazon account inquiry, was sent Monday to 86 employees. Five employees clicked the link; three of them went on to fill out the form and submit data.
“Had this been a real attack, we would have been infected,” said Jada Brock, the agency’s director of operations and planning.
Two other state agencies — the Department of Public Safety and the Georgia Administrative Office of Courts — fell victim to cyber attacks this summer. The city of Griffin and the Henry County government were also hit.
Brock said attacks on the Georgia Public Service Commission, which oversees electric, gas and phone services in Georgia, are “constant.”
The agency has adopted several strategies to fortify its network, but Brock said that is all for naught if even one employee clicks on the wrong link or attachment. “Human error,” she said, remains the biggest obstacle.
Brock said more tests — and ones designed to be more convincing than the fake Amazon email — are coming to PSC staffers’ inboxes in the future.
“If we have the same people that are violating the rules here, we need to know about it and we need to plan in order to either take their computer away from them or send them out the door,” said Bubba McDonald, who chairs the PSC.